perl-ldap-dev

SSL is slow

[<la...@sp...>]

Hi again list,

Working with Novell NDS/eDir, I have to login to my LDAP server using
SSL.

Whilst this is not a problem, it=27s rather slow. After login, everything
runs pretty fast, but it does take quite a while to login.

As I=27m on a protected network, I don=27t really care about the
certificate on the server - it=27s self-assigned, so I tell Perl LDAP to
ignore it. On the other hand, I want encrypted communication to avoid
evesdropping with a sniffer.

Is there any way to speedup this initial login?

Regards,
Lars

Lars Skj=E6rlund, Network Consultant, Spinn International ApS
Bukkeballevej 30, 2960 Rungsted Kyst, Denmark
Tel.: +45 70 25 88 10, Fax: +45 70 25 88 44
Mail: lars=40spinn.dk Web: http://www.spinn.dk
--

Re: SSL is slow

[Chris R. <chr...@me...>]

Lars Skj=E6rlund <la...@sp...> wrote:
> Hi again list,
>=20
> Working with Novell NDS/eDir, I have to login to my LDAP server using
> SSL.
>=20
> Whilst this is not a problem, it's rather slow. After login, everything
> runs pretty fast, but it does take quite a while to login.
>=20
> As I'm on a protected network, I don't really care about the
> certificate on the server - it's self-assigned, so I tell Perl LDAP to
> ignore it. On the other hand, I want encrypted communication to avoid
> evesdropping with a sniffer.
>=20
> Is there any way to speedup this initial login?
>=20
> Regards,
> Lars

About the first thing that happens on a TLS connection is a crypto
"handshake", and it sounds like this is what is being slow for you.

Common reasons for that are that the client wants a different strength
symmetric key than the server has, so the server has to generate a new one
for you. (Something like that anyway, my memory is pretty hazy.) So check
what key lengths and algorithms you're asking for, and what the server
supports.

You can run the openssl s_client program in verbose/debug mode to find out
what the server's advertising, which might help.

Cheers,

Chris

Re: SSL is slow

[Gary F. <fl...@jm...>]

Lars Skj=E6rlund wrote:
>=20
> Is there any way to speedup this initial login?

Encryption is a CPU intensive process. Check your CPU
utilization to see if your server processor is a=20
bottleneck. If so, an obvious solution would be to=20
upgrade the processor. On another platform, a hardware=20
crypto board may be a solution but I'm not sure if one=20
is available for Novell.

--=20
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

Re: SSL is slow - unsubscribe

[Prakash S. <Pra...@ns...>]

unsubscribe

Gary Flynn wrote:

>Lars Skj=E6rlund wrote:
>
>>Is there any way to speedup this initial login?
>>
>
>Encryption is a CPU intensive process. Check your CPU
>utilization to see if your server processor is a=20
>bottleneck. If so, an obvious solution would be to=20
>upgrade the processor. On another platform, a hardware=20
>crypto board may be a solution but I'm not sure if one=20
>is available for Novell.
>

Re: SSL is slow - unsubscribe

[Graham B. <gb...@po...>]

It you look in the headrs of any Email from this list you would
find the details of how to unsubscribe.

List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/perl-ldap-dev>,
        <mailto:per...@li...?subject=unsubscribe>

On Tue, Apr 16, 2002 at 09:46:10AM -0700, Prakash Subramanian wrote:
> unsubscribe
> 
> Gary Flynn wrote:
> 
> >Lars Skjærlund wrote:
> >
> >>Is there any way to speedup this initial login?
> >>
> >
> >Encryption is a CPU intensive process. Check your CPU
> >utilization to see if your server processor is a 
> >bottleneck. If so, an obvious solution would be to 
> >upgrade the processor. On another platform, a hardware 
> >crypto board may be a solution but I'm not sure if one 
> >is available for Novell.
> >
>